spf-discuss

Re: The problems with SPF

2005-08-26 08:09:46
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As David so eloquently points out, the main problem with SPF is getting
people to agree on what exactly it _is_ good for.

David Woodhouse wrote:
> On Fri, 2005-08-26 at 09:49 +0100, Dan Field wrote:
>
>> - Only useful for FALSE results - i.e.: the sender is forged? So if a
>> phisher publishes valid SPF for his domains he can gain a pass... I
>> suppose this is a benefit in that it is easier to blacklist said
>> spammer.
>
> The opposite is true. Because forwarding causes failures for SPF, it's
> actually only useful in the general case for _positive_ results. You'd
> lose genuine mail if you rejected all SPF failures, but you can use SPF
> in conjunction with some kind of whitelist.
>
> SPF only reliably tells you 'yes' or 'maybe'.

I find it useful for both the FAIL and PASS cases. The soft results
are rather annoying but don't cause any harm so I don't worry about them.

>> - Forwarding caused problems unless SRS or some other re-writing is
>> employed?
>
> The rewriting is never really going to happen in general. SPF will
> always give false indications of forgery, while those schemes which
> don't require the world to 'upgrade' stand a far better chance than SPF
> does.

As pointed out by someone else, forwarding is the degenerate case
of a mailing list. This message passed SPF checks and was forwarded,
therefore the problem is neither intractable nor insurmountable.
Lots of people are stubborn about wanting to continue doing things
the way they always have though. Heck, there are still people out
there running open relays as a matter of principle. There will
still be sites that insist that reusing the original "MAIL FROM"
in forwards is the One True Way To Forward(tm) 10 years from now.

That neither makes them correct nor effective, but people are just
that way sometimes.

 --
Daniel Taylor          VP Operations            Vocal Laboratories, Inc.
dtaylor(_at_)vocalabs(_dot_)com   http://www.vocalabs.com/        
(952)941-6580x203
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDDzC58/QSptFdBtURAudhAJ4oCnMk0xTd78sAkMFD9aRHRevOzACdEy1n
gSF94L+MLgWNppSSkVOITqI=
=RNO6
-----END PGP SIGNATURE-----

